General
-
Target
Free-Fortnite-Hwid-Spoofer-main.zip
-
Size
13.9MB
-
Sample
240928-3edsgstdle
-
MD5
916d25b0917489ce049397f885b07f75
-
SHA1
ac48f086cc3b769d6b5f9e194329dfa9946e1f24
-
SHA256
64fe939bdf7ce6702759b7ece2482a365ec06cd742e46f2b5ee87e766c9a1168
-
SHA512
f9eceff977635260659ac24e825a0f971fcb2f216c039da54c2350b021a0cd1e25f9eff75470b2aa90aa90063d1361c8efd18a26ef60a6e2ee81e67d5050928a
-
SSDEEP
196608:Y4t4b2VYuO9EjW+gZ9Lu7XD2jbgMleIJS9tGbDkkxmTsmYm0HKdbFrQzTV2bN9V1:Y4tVH2ExgZA7XaQMl1JSabQAKdbF9JJ
Malware Config
Targets
-
-
Target
Free-Fortnite-Hwid-Spoofer-main.zip
-
Size
13.9MB
-
MD5
916d25b0917489ce049397f885b07f75
-
SHA1
ac48f086cc3b769d6b5f9e194329dfa9946e1f24
-
SHA256
64fe939bdf7ce6702759b7ece2482a365ec06cd742e46f2b5ee87e766c9a1168
-
SHA512
f9eceff977635260659ac24e825a0f971fcb2f216c039da54c2350b021a0cd1e25f9eff75470b2aa90aa90063d1361c8efd18a26ef60a6e2ee81e67d5050928a
-
SSDEEP
196608:Y4t4b2VYuO9EjW+gZ9Lu7XD2jbgMleIJS9tGbDkkxmTsmYm0HKdbFrQzTV2bN9V1:Y4tVH2ExgZA7XaQMl1JSabQAKdbF9JJ
Score10/10-
Cerber
Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Subvert Trust Controls
1SIP and Trust Provider Hijacking
1Virtualization/Sandbox Evasion
1